This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.501-5 released


Up2Date 9.501005 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-6868]: [AWS, REST API] Missing trailing slash in Swagger URLs
Fix [NUTM-6908]: [AWS, REST API] [RESTD] Consistent authentication look and feel
Fix [NUTM-7173]: [AWS, REST API] [RESTD] Selfmon cannot (re)start restd
Fix [NUTM-7633]: [AWS, REST API] Authentication with umlauts and some special characters not working
Fix [NUTM-6727]: [AWS] AWS_CONVERSION_PRE_CHECK_FAILED (Pre-check failed: 127.)
Fix [NUTM-7374]: [AWS] Link to RESTful API documentation
Fix [NUTM-7497]: [AWS] selfmon complains about missing awslogsd during Up2Date
Fix [NUTM-7658]: [AWS] Swagger UI XSS vulnerability
Fix [NUTM-7442]: [Access & Identity, RED] [RED] 3G Failback with RED15(w) not working if DHCP server is shutting down
Fix [NUTM-6504]: [Access & Identity] OpenVPN 2.4.0 deprecated option "tls-remote"
Fix [NUTM-6606]: [Access & Identity] Re-occuring issues with the Sophos UTM Support access
Fix [NUTM-7111]: [Access & Identity] Multiple open vulnerabilities in libvncserver
Fix [NUTM-7157]: [Access & Identity] VPN users not being created when backend AD group is used
Fix [NUTM-7295]: [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
Fix [NUTM-7350]: [Access & Identity] [RED] USB stick E3372 does not work with RED 15
Fix [NUTM-7377]: [Access & Identity] Remote Access tab won't load after selecting the OTP Token tab in the User Portal
Fix [NUTM-7448]: [Access & Identity] SSLVPN: download of configuration for windows should use tls-remote option
Fix [NUTM-7774]: [Access & Identity] HTML5 - Mouse not working on Touch Devices
Fix [NUTM-7874]: [Access & Identity] Openvpn: DoS due to Exhaustion of Packet-ID counter (CVE-2017-7479)
Fix [NUTM-6956]: [Basesystem] Hardware LCD screen: IP address of ports other than eth0 cannot be changed through LCD
Fix [NUTM-7067]: [Basesystem] Update OpenSSH to openssh-6.6p1
Fix [NUTM-7069]: [Basesystem] Linux: CVE-2017-6214: ipv4/tcp: infinite loop in tcp_splice_read()
Fix [NUTM-7626]: [Basesystem] BIND Security update (CVE-2017-3136, CVE-2017-3137)
Fix [NUTM-7646]: [Basesystem] NTP Security update (CVE-2017-6458, CVE-2017-6460)
Fix [NUTM-7742]: [Basesystem] Update Appctrl (4.4.1.21)
Fix [NUTM-6978]: [Confd] Configuration backups do not properly sanitize information
Fix [NUTM-7160]: [Confd] "&" sign in RADIUS secret will be converted into "&"
Fix [NUTM-7636]: [Confd] If changing name in REF_DefaultSuperAdmin 'Admin reset password' page is not presented
Fix [NUTM-3513]: [Email] MIME type filter doesn't detect real mime type
Fix [NUTM-3516]: [Email] POP3 prefetch sometimes stops working
Fix [NUTM-3669]: [Email] SMTP Proxy vulnerable by TLS renegotiation (CVE-2011-1473)
Fix [NUTM-3671]: [Email] SPX encrypted messages are vulnerable to access without proper authentication
Fix [NUTM-3677]: [Email] Maildrop locked for account_id
Fix [NUTM-4324]: [Email] Changing Email Protection settings fails with Sandstorm enabled and trial expired
Fix [NUTM-5388]: [Email] Individual SMTP profiles not updated with changed global settings
Fix [NUTM-5545]: [Email] Quarantine report can't be enabled under some circumstances
Fix [NUTM-6379]: [Email] Frequent cssd coredumps
Fix [NUTM-6986]: [Email] Sender blacklist doesn't allow '&' sign within the email address
Fix [NUTM-7220]: [Email] WAF reporting virus found when AV engine on the UTM is updating
Fix [NUTM-7625]: [Email] SMTP DLP expressions do not trigger under specific condition
Fix [NUTM-7722]: [Email] mailbox_size_limit is smaller than message_size_limit in notifier log
Fix [NUTM-3170]: [Network] Time-base access for wireless is dropping ipsec-routes and not creating them again
Fix [NUTM-6992]: [Network] OSPF re-announcing static routes
Fix [NUTM-7044]: [Network] Disable a VLAN associated with the WAN interface breaks the complete communication
Fix [NUTM-7439]: [Network] nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
Fix [NUTM-7395]: [RED] [RED] Split networks/domains fields not shown when editing RED10/15
Fix [NUTM-7491]: [RED] WARNING: CPU: 0 PID: x at net/core/dst.c:293 dst_release+0x30/0x51()
Fix [NUTM-7060]: [Reporting] Search in reports doesn't work if the username contains only numbers
Fix [NUTM-6651]: [Sandboxd] All sandstorm tagged mails get stuck in "Sandstorm scan pending"
Fix [NUTM-4804]: [WAF] Redirect to original requested path after form-based auth
Fix [NUTM-6930]: [WAF] WAF not responding after reboot of the AWS UTM
Fix [NUTM-7178]: [WAF] Segmentation fault in mod_xml2enc for multi-byte charsets
Fix [NUTM-7362]: [WAF] Fix localization strings in Confd
Fix [NUTM-7698]: [WAF] WAF URL redirection and Site path routing can be configured for the same path
Fix [NUTM-7806]: [WAF] WAF - inconsistency with two or more site path routes for '/'
Fix [NUTM-7857]: [WAF] Changing the order of real webservers in the virtual webserver edit form isn't working
Fix [NUTM-6617]: [WebAdmin] Search for Network Definitions breaks in Chrome with over 1000 objects
Fix [NUTM-7652]: [WebAdmin] Not possible to download different SSL VPN User Profiles in one Firefox Session
Fix [NUTM-7870]: [WebAdmin] Comment not displayed for Time Period definition
Fix [NUTM-5794]: [Web] IPv6 fallback to IPv4 doesn't work
Fix [NUTM-6502]: [Web] HTTP Proxy coredumping with EC CA certificate
Fix [NUTM-6532]: [Web] AD Users are prefetched in lowercase letters
Fix [NUTM-6809]: [Web] URL category name "Potiental Unwanted Programs" spelling mistake on sophostest.com
Fix [NUTM-6848]: [Web] HTTPS warn behaviour when "Block all content, except..." is selected
Fix [NUTM-6867]: [Web] New httpproxy coredumps after update to v9.411 - ReleaseToCentralCache
Fix [NUTM-7076]: [Web] UTM not updating AD group definition
Fix [NUTM-7167]: [Web] OTP Using AD Backend Membership - duplicates user when capital letters are used in the username
Fix [NUTM-7321]: [Web] Non existent or non proxy users are able to create SSL webfilter exceptions
Fix [NUTM-7367]: [Web] Difference between web_filter templates and default templates in web filter
Fix [NUTM-5612]: [WiFi] Manual channel selection not possible in both bands for SG W appliances

RPM packages contained:
libffi4-5.3.1+r233831-10.1.1928.g802864c.rb2.i686.rpm
libvncserver-0.9.11-0.g483b9a9.rb13.i686.rpm
cm-nextgen-agent-9.50-14.gd2afd53.rb8.i686.rpm
firmwares-bamboo-9400-0.253109868.ge2f1a38.rb10.i586.rpm
freerdp-1.0.2-9.gae4b426.rb5.i686.rpm
jq-1.5-0.233418733.gd9cd757.rb7.i686.rpm
modwhatkilledus-2.01-0.258193062.g46092ac.rb5.i686.rpm
perf-tools-3.12.71-0.260897424.gc3a7f26.rb4.i686.rpm
perl-Date-Calc-5.4-1.1246.gb797af7.rb10.i686.rpm
perl-File-LibMagic-0.96-1.952.ga51b3e8.rb10.i686.rpm
perl-Net-SSLeay-1.49-1.761.gd1bee20.rb14.i686.rpm
poe-tools-1.1.0.B4-5.g0bf09d8.rb3.i686.rpm
postfix-2.11.0-16.gbdc4d92.rb5.i686.rpm
red-firmware2-5115-0.g86f9da2.rb2.noarch.rpm
red15-firmware-5115-0.g549da12.rb2.noarch.rpm
rubygem-addressable-2.5.0-0.261590369.g3505143.i686.rpm
rubygem-airbrake-5.7.1-0.261590369.g3505143.i686.rpm
rubygem-airbrake-ruby-1.7.1-0.261590369.g3505143.i686.rpm
rubygem-aws-sdk-1.66.0-0.261590369.g3505143.i686.rpm
rubygem-aws-sdk-v1-1.66.0-0.261590369.g3505143.i686.rpm
rubygem-celluloid-0.17.3-0.261590369.g3505143.i686.rpm
rubygem-celluloid-essentials-0.20.5-0.261590369.g3505143.i686.rpm
rubygem-celluloid-extras-0.20.5-0.261590369.g3505143.i686.rpm
rubygem-celluloid-fsm-0.20.5-0.261590369.g3505143.i686.rpm
rubygem-celluloid-pool-0.20.5-0.261590369.g3505143.i686.rpm
rubygem-celluloid-supervision-0.20.6-0.261590369.g3505143.i686.rpm
rubygem-crack-0.4.3-0.261590369.g3505143.i686.rpm
rubygem-diff-lcs-1.2.5-0.261590369.g3505143.i686.rpm
rubygem-docile-1.1.5-0.261590369.g3505143.i686.rpm
rubygem-hashdiff-0.3.2-0.261590369.g3505143.i686.rpm
rubygem-hitimes-1.2.4-0.261590369.g3505143.i686.rpm
rubygem-json-1.8.3-0.261590369.g3505143.i686.rpm
rubygem-little-plugger-1.1.4-0.261590369.g3505143.i686.rpm
rubygem-logging-2.1.0-0.261590369.g3505143.i686.rpm
rubygem-mini_portile2-2.0.0-0.261590369.g3505143.i686.rpm
rubygem-multi_json-1.12.1-0.261590369.g3505143.i686.rpm
rubygem-nokogiri-1.6.7.2-0.261590369.g3505143.i686.rpm
rubygem-pg-0.19.0-0.261590369.g3505143.i686.rpm
rubygem-pidfile-0.3.0-0.261590369.g3505143.i686.rpm
rubygem-public_suffix-2.0.5-0.261590369.g3505143.i686.rpm
rubygem-retries-0.0.5-0.261590369.g3505143.i686.rpm
rubygem-rspec-3.5.0-0.261590369.g3505143.i686.rpm
rubygem-rspec-core-3.5.4-0.261590369.g3505143.i686.rpm
rubygem-rspec-expectations-3.5.0-0.261590369.g3505143.i686.rpm
rubygem-rspec-mocks-3.5.0-0.261590369.g3505143.i686.rpm
rubygem-rspec-support-3.5.0-0.261590369.g3505143.i686.rpm
rubygem-safe_yaml-1.0.4-0.261590369.g3505143.i686.rpm
rubygem-sequel-4.42.0-0.261590369.g3505143.i686.rpm
rubygem-simplecov-0.12.0-0.261590369.g3505143.i686.rpm
rubygem-simplecov-html-0.10.0-0.261590369.g3505143.i686.rpm
rubygem-sophos-iaas-1.0.0-1.0.261590369.g3505143.i686.rpm
rubygem-thor-0.19.4-0.261590369.g3505143.i686.rpm
rubygem-timers-4.1.2-0.261590369.g3505143.i686.rpm
rubygem-webmock-2.3.2-0.261590369.g3505143.i686.rpm
smartmontools-6.3-0.8.18.1839.g75c7a1d.rb4.i686.rpm
smartmontools64-6.3-0.8.18.1839.g75c7a1d.rb4.x86_64.rpm
uma-9.50-14.gaa3457e.rb2.i686.rpm
ep-reporting-9.50-38.g1a0cefa.rb4.i686.rpm
ep-reporting-c-9.50-124.g59b7e11.rb2.i686.rpm
ep-reporting-resources-9.50-38.g1a0cefa.rb4.i686.rpm
ep-aua-9.50-57.g787ddae.rb3.i686.rpm
ep-awslogsd-1.0.0-0.257349137.g074aa16.rb3.noarch.rpm
ep-branding-ASG-afg-9.50-69.gf358be6.rb4.noarch.rpm
ep-branding-ASG-ang-9.50-69.gf358be6.rb4.noarch.rpm
ep-branding-ASG-asg-9.50-69.gf358be6.rb4.noarch.rpm
ep-branding-ASG-atg-9.50-69.gf358be6.rb4.noarch.rpm
ep-branding-ASG-aug-9.50-69.gf358be6.rb4.noarch.rpm
ep-confd-9.50-1493.g1757d65.rb7.i686.rpm
ep-confd-tools-9.50-1349.g2fdea77.rb10.i686.rpm
ep-cssd-9.50-40.g971b649.rb5.i686.rpm
ep-ha-aws-9.50-447.g3505143.noarch.rpm
ep-hardware-9.50-9.g78972ac.rb4.i686.rpm
ep-init-9.50-32.ged54bd4.rb5.noarch.rpm
ep-localization-afg-9.50-47.ge4415cc.i686.rpm
ep-localization-ang-9.50-47.ge4415cc.i686.rpm
ep-localization-asg-9.50-47.ge4415cc.i686.rpm
ep-localization-atg-9.50-47.ge4415cc.i686.rpm
ep-localization-aug-9.50-47.ge4415cc.i686.rpm
ep-mdw-9.50-865.g185fa84.rb8.i686.rpm
ep-notifier-9.50-11.gbdc4d92.rb5.i686.rpm
ep-restd-9.50-0.258129422.g139f398.rb2.i686.rpm
ep-sandboxd-9.50-0.260897473.g0fcf45d.rb2.i686.rpm
ep-service-monitor-1.0-47.gba07d2e.rb6.i686.rpm
ep-tools-9.50-12.g575d37d.rb3.i686.rpm
ep-up2date-9.50-19.g80be99a.rb2.i686.rpm
ep-up2date-downloader-9.50-19.g80be99a.rb2.i686.rpm
ep-up2date-pattern-install-9.50-19.g80be99a.rb2.i686.rpm
ep-up2date-system-install-9.50-19.g80be99a.rb2.i686.rpm
ep-webadmin-9.50-1190.g9b0b596.i686.rpm
ep-webadmin-contentmanager-9.50-76.g9d52d5f.rb4.i686.rpm
ep-webadmin-spx-9.50-1.g459bf94.rb7.i686.rpm
u2d-aws-9-269.i686.rpm
u2d-ipsbundle2-9-70.i686.rpm
ep-cloud-ec2-9.50-108.gc2afeae.rb2.i686.rpm
ep-chroot-smtp-9.50-111.gacdc2a1.rb4.i686.rpm
chroot-bind-9.10.4_P8-0.258574549.g00918f3.rb5.i686.rpm
chroot-clientlessvpn-9.50-3.g26d9e33.rb6.i686.rpm
chroot-ipsec-9.50-19.gd962c31.rb4.i686.rpm
chroot-ntp-4.2.8p10-0.ge44e0f0.rb5.i686.rpm
chroot-openvpn-9.50-28.g67a99ed.rb5.i686.rpm
chroot-pptp-9.50-2.gfec3bed.rb4.i686.rpm
chroot-reverseproxy-2.4.10-359.g489be09.rb4.i686.rpm
chroot-smtp-9.50-19.g22a3493.rb2.i686.rpm
ep-chroot-pop3-9.50-12.g53e1c3b.rb2.i686.rpm
ep-httpproxy-9.50-396.g0618cbe.rb3.i686.rpm
kernel-smp-3.12.71-0.260897424.gc3a7f26.rb4.i686.rpm
kernel-smp64-3.12.71-0.260897424.gc3a7f26.rb4.x86_64.rpm
ep-release-9.501-5.noarch.rpm



This thread was automatically locked due to age.
Parents
  • on my utm-cluster at work it seems they have pulled back 9.5x update.

    only 9.414 is offered.... some hours before i saw both.. 9.414 and 9.5x

    strange...

     

    some explanation from sophos will be helpful ...

     

    screenshot from utm at work:

     

    screenshot from my utm at home:

     

    i have checked them both one minute ago.....

     

     

    maybe some explanation for us?

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • zaphod said:

    on my utm-cluster at work it seems they have pulled back 9.5x update.

    only 9.414 is offered.... some hours before i saw both.. 9.414 and 9.5x

    strange...

     

    some explanation from sophos will be helpful ...

    Hi Zaphod,

    sure I can explain that. 

    Whenever we have two release streams to support and do a new update on the "older" release stream we have to adjust the update path. For UTM there has be be only one update path.

    We release 9.501 yesterday and 9.414 today. Therefore we have to replace the update package from 9.413->9.500 with the new one 9.414->9.501. Otherwise no one could update to 9.414.

    So we haven't pulled back any release, we just updated the path to go from 9.4 to 9.5.

     

    Additionally we are still in staging. So only machines which are in the staging pool will see the update to 9.5. But since you seem to be in the pool, the cluster nodes should get the new update when they sync again.

     

    Hope it helps.

    /talex

    - 21 is only half of the truth

  • thnx for your prompt explanation :-)

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • talex, thanx for your reply.

    the machine I mentioned is now announced up2date with 9.414-2 and 9.501-5.

    this machine do only use basic firewall and web protection - no SSO, VPN, Wifi, WAF, Mail, ... - and is maybe for this in the staging pool. But I have about 100km to run if it's broken, so sorry, that I do not already update...

    Nathan

  • NvA said:

    the machine I mentioned is now announced up2date with 9.414-2 and 9.501-5.

    this machine do only use basic firewall and web protection - no SSO, VPN, Wifi, WAF, Mail, ... - and is maybe for this in the staging pool. But I have about 100km to run if it's broken, so sorry, that I do not already update...

    Nathan

     

    Hi Nathan,

    The staging pool is filled with "first come first serve". We don't use any other attributes.

    With the staging we offer the new feature release to a limited amount of boxes to reduce the risks (we can't test every scenario/setup you might use). But we also offer to stay on the old release stream and we will continue to release maintenance updates for 9.4 for some time. So it's fine to stay there. We monitor the installation base and adjust the staging pool as needed.

    /talex

    - 21 is only half of the truth

Reply
  • NvA said:

    the machine I mentioned is now announced up2date with 9.414-2 and 9.501-5.

    this machine do only use basic firewall and web protection - no SSO, VPN, Wifi, WAF, Mail, ... - and is maybe for this in the staging pool. But I have about 100km to run if it's broken, so sorry, that I do not already update...

    Nathan

     

    Hi Nathan,

    The staging pool is filled with "first come first serve". We don't use any other attributes.

    With the staging we offer the new feature release to a limited amount of boxes to reduce the risks (we can't test every scenario/setup you might use). But we also offer to stay on the old release stream and we will continue to release maintenance updates for 9.4 for some time. So it's fine to stay there. We monitor the installation base and adjust the staging pool as needed.

    /talex

    - 21 is only half of the truth

Children
No Data